[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 07/10] hw/i386/amd_iommu.c: Fix corruption of log events passed to
From: |
Michael S. Tsirkin |
Subject: |
[PULL 07/10] hw/i386/amd_iommu.c: Fix corruption of log events passed to guest |
Date: |
Tue, 31 Mar 2020 10:57:16 -0400 |
From: Peter Maydell <address@hidden>
In the function amdvi_log_event(), we write an event log buffer
entry into guest ram, whose contents are passed to the function
via the "uint64_t *evt" argument. Unfortunately, a spurious
'&' in the call to dma_memory_write() meant that instead of
writing the event to the guest we would write the literal value
of the pointer, plus whatever was in the following 8 bytes
on the stack. This error was spotted by Coverity.
Fix the bug by removing the '&'.
Fixes: CID 1421945
Cc: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
hw/i386/amd_iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index b1175e52c7..fd75cae024 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -181,7 +181,7 @@ static void amdvi_log_event(AMDVIState *s, uint64_t *evt)
}
if (dma_memory_write(&address_space_memory, s->evtlog + s->evtlog_tail,
- &evt, AMDVI_EVENT_LEN)) {
+ evt, AMDVI_EVENT_LEN)) {
trace_amdvi_evntlog_fail(s->evtlog, s->evtlog_tail);
}
--
MST
- [PULL 00/10] virtio, pci, pc: bugfixes, checkpatch, maintainers, Michael S. Tsirkin, 2020/03/31
- [PULL 01/10] checkpatch: enforce process for expected files, Michael S. Tsirkin, 2020/03/31
- [PULL 02/10] MAINTAINERS: Add myself as virtio-balloon co-maintainer, Michael S. Tsirkin, 2020/03/31
- [PULL 03/10] virtio-serial-bus: Plug memory leak on realize() error paths, Michael S. Tsirkin, 2020/03/31
- [PULL 04/10] acpi: pcihp: fix left shift undefined behavior in acpi_pcihp_eject_slot(), Michael S. Tsirkin, 2020/03/31
- [PULL 06/10] virtio-iommu: avoid memleak in the unrealize, Michael S. Tsirkin, 2020/03/31
- [PULL 08/10] fix vhost_user_blk_watch crash, Michael S. Tsirkin, 2020/03/31
- [PULL 07/10] hw/i386/amd_iommu.c: Fix corruption of log events passed to guest,
Michael S. Tsirkin <=
- [PULL 10/10] vhost-vsock: fix double close() in the realize() error path, Michael S. Tsirkin, 2020/03/31
- [PULL 05/10] virtio-blk: delete vqs on the error path in realize(), Michael S. Tsirkin, 2020/03/31
- [PULL 09/10] acpi: add acpi=OnOffAuto machine property to x86 and arm virt, Michael S. Tsirkin, 2020/03/31
- Re: [PULL 00/10] virtio, pci, pc: bugfixes, checkpatch, maintainers, Peter Maydell, 2020/03/31